Risk register 


No. Dateraised Opportunity/risk description (opportunities Type 
shaded in blue) 

1 

2 10/05/17 The ICO is seen as not being relevant to Internal/ 
information rights issues by its stakeholders External 
(the public, media, gov etc) in policy areas, 
engagement and the delivery of robust 
enforcement action, and hence loses influence. 

3 28/06/17 ICO fails to meet expectations when dealing Internal/ 
with priority files in terms of timing and External 
effective outcomes. 

4 26/01/18 Uncertainty around the legal framework for External 
data protection and the ICO's role in EDPB 
following withdrawal from the EU. 

5 05/05/17 That, as the skills of ICO staff are in high Internal/ 
demand, we see an increase in staff turnover, External 
either organisation wide or in discrete teams 
or departments, which has a detrimental 
impact on the capacity and capability of the 
organisation. 

6 01/04/17 Risk of insufficient operations resources to Internal 
match demand for our services, especially 
during the relative uncertainty as we transition 
to a new regulatory regime 

7 

8 05/05/17 That we fail to recruit the right people with the Internal/ 
right skills into the most important roles to External 
enable the ICO to prepare for GDPR. 

9 29/06/17 The ICO GDPR change programme is not Internal 
delivered to time to scope or within budget 

10 10/05/17 Amendments to UK legislation, needed External 
because of GDPR and the LED, are too late to 
allow the ICO, as regulator, or the regulated 
sector, to adequately plan and prepare for 
implementation. 

11 01/04/17 Cyber defences are not sufficiently robust External 


because the IT environment is not maintained 
to the required standard, security and 
integrity. 
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Actions required Owner 


International Strategy, Parliamentary and Gov SLT: 
Engagement Strategy and Technology Strategy Elizabeth 
being developed. Information Rights Strategic Denham 
Plan bedded in. SLT has direct oversight of rate 
of guidance production, guidance is being 
outsourced and SME focus of some comms 
work. 

Process agreed and monthly SLT oversight in 
place. Resource proposals being considered to 
increase resilience in this area. 


SLT: Steve 
Wood 


SLT: Steve 
Wood/ 
Emma Bate 


EU withdrawal planning group set up. Position 
paper on EDPB / ICO developed. 


Range of People projects underway to mitigate SLT: Paul 


strategic people risks. Progress reported to Arnold 

Change Board, SLT and MB. Implementation of 

pay systems review in response to successful 

outcome of pay case. 

Review and refine projections and close SLT: James 

monitoring of actual demand. Dipple- 
Johnstone 

Range of People projects intended to mitigate SLT: Paul 

strategic people risks. Progress reported to Arnold 

Change Board, SLT and MB. Implementation of 

pay systems review in response to successful 

outcome of pay case. 

Change programme in place mitigating risk on SLT: Paul 

an ongoing basis and overseen by SLT. Arnold 

Providing support to DCMS to ensure that SLT: Steve 

legislative changes are made. Monitoring Wood 

passage of the Data Protection Bill. 

Long standing compliance with PSM combined SLT: Paul 

with regular programme of IT health Arnold 


check/penetration tests . Working towards ISO 
27001 compliance. 
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12 24/07/17 An increasing number of regulators, some with External Reputation 2.0 3.0 Same © Medium Strategic Communications business plan overseen by SLT: Comms SG 24/07/17 


remits related to that of the ICO, results in a term Communications Steering Group, plus regular Elizabeth 
lack of clarity and reduced visibility of the ICO's communications strategy meetings with SLT Denham 
role and the Commissioner. 
13 05/05/17 As the ICO's fee income arrangements change Major Finances 2.0 30) Same €&> Shortterm Strategic We will maintain 100% follow up of data SLT: Paul DCEO SG 13/10/17 
our registration service is not equipped to cope Project controllers who cease to renew registration Arnold 
and as a result the collection of the ICO's fee and have produced external communications 
income is placed at risk. to make clear the need to renew each year. 


Project team are in the process of developing 
the processes and technology to implement 
new fee income collection service based on the 
future funding model. 


14 31/08/17 Poor industrial relations may impair Internal People 3.0 2.0 Same & Medium Strategic Regular Joint Committee meetings between SLT: Paul DCEO SG 13/10/17 
engagement between ICO management and its term TUS and Management. Arnold 
workforce, leading to sub-optimum 
productivity and reduced ability to deliver 


change. 

15 01/04/17 Ability of the ICO to spot emerging Internal Policy 2.0 3.0 Same <> Medium Strategic Technology Strategy being developed (came to SLT: Steve All SGs 21/12/17 
technological issues and to stay on top of them term SLT on 18 Dec) and coming to MB in Feb. Head Wood 
as they develop. of Technology Policy recruited. 

16 05/05/17 That we fail to take the opportunity to lead Internal People 2.0 3.0 Up T Longterm Strategic Range of People projects underway intended SLT: Paul DCEO SG 25/01/18 
and support all ICO staff to own and develop to mitigate strategic people risks. Progress Arnold 
their individual capability and to maximise reported to Change Board, SLT and MB. 


their personal contribution to our strategic 
goals and priorities. 


17 26/01/18 The new DPA raises unexpected demands on External Legal 3.0 2.0 Same <> Medium Strategic Shadow DP Bill team, outsourced legal advice SLT: Steve Policy SG 
the ICO that are difficult to meet, or creates term on DP Bill and close liaison with DCMS Bill Wood 
unintended regulatory consequences. team. 
18 05/05/17 The ICO may have insufficient funds to meet Internal Finances 1.0 4.0 Down = Shortterm Strategic Fee raising power confirmed in Digital SLT: Paul DCEO SG 25/01/18 
business needs following the implementation Economy Act. SI has now received Treasury Arnold 
of GDPR. approval. Implementation date moved to 25th 


of May. Discussions ongoing with DCMS 
regarding the penalty regime for non payment. 


19 05/05/17 The risk that in-year fee income is not received External Finances 1.0 2.0 Down  Shortterm Strategic We follow up 100% of expired registrations SLT: Paul DCEO SG 25/01/18 
at a rate necessary to fund our agreed budget and monitor the rate at which fee income is Arnold 
(2017/18). received week to week against previous trends 


and forecasts. Progress overseen by finance 
department and standing agenda item at DCEO 
steering group. 
20 05/05/17 That we do not have sufficient space to Internal People 1.0 2.0 Same © Medium Strategic Accommodation strategy agreed by SLT in SLT: Paul DCEO SG 30/08/17 
accommodate our expanding workforce. term May. A new lease was signed on space Arnold 
adjacent to Wycliffe house which increases 
Wilmslow accommodation by 20-25%. 
Continuing to explore ways of best utilising ICO 
space in general as well as in the new space. 


